- Forescout report finds many vulnerable solar power devices
- Europe has 76% of all exposed solar power devices, especially in Germany and Greece
- SolarView Compact exposure jumped 350% in two years, and it has already been linked to cybercrime
The rapid growth of solar energy adoption worldwide has raised renewed concerns about cybersecurity vulnerabilities within solar infrastructure.
A study by Forescout's Vedere Labs found that around 35,000 solar power devices, including inverters, data loggers and gateways, are exposed to the Internet, making them susceptible to exploitation.
These findings follow a previous report by Forescout which identified 46 vulnerabilities in solar power systems.
High risk and geopolitical implications
What is now particularly worrying is that many of these devices remain unpatched, even as cyber threats become more sophisticated.
Ironically, the vendors with the highest number of exposed devices do not necessarily have the largest global installed base, which suggests issues such as poor default security configuration, insufficient user guidance, or insecure manual settings.
Forescout found that Europe accounts for 76% of all exposed devices, with Germany and Greece the most affected.
While an internet-exposed solar system is not automatically vulnerable, it becomes a soft target for cybercriminals. For example, the SolarView Compact device saw a 350% increase in online exposure over two years and was involved in a 2024 cyber incident that included bank account theft in Japan.
Concerns around solar infrastructure deepened when Reuters reported rogue communication modules in Chinese-made inverters.
Although not tied to a specific attack, the discovery prompted many governments to re-evaluate the security of their energy systems.
According to Forescout, insecure configurations are common, and many devices still run old firmware versions. Some are known to have vulnerabilities that are currently under active exploitation.
Devices such as the discontinued SMA Sunny WebBox still account for a significant share of the exposed systems.
This is not just a matter of faulty products; it reflects a system-wide risk. While individually limited in impact, these internet-exposed devices can serve as entry points into critical infrastructure.
To reduce the risk, organizations must retire devices that cannot be patched and avoid exposing management interfaces to the Internet.
For remote access, secure solutions such as VPNs, in line with CISA and NIST guidelines, are necessary.
Additionally, a layered approach using top security tools, endpoint protection solutions and especially zero trust network access (ZTNA) architecture may be necessary to keep critical systems out of reach of intruders.